I have got some trouble in my workplace right now. Iím working at administrative department in private hospital. There was one major incident involving data theft and unauthorized disclosure of sensitive information that caused lawsuit which causes my hospital lost lot of money. We know that the culprit behind this incident is one of our staff, but we do not have evidence to pinpoint who has done it. The culprit had breach our server and steal those information.

Due to that incident, my hospital wants to setup digital forensic investigation team to ensure that the similar cases would not happen again in the future. I have zero knowledge on digital forensic investigation process therefore, I would like to as solution on:

1) what I need to do first to setup this investigation team
2) Is there any best practice regarding digital forensic investigation process that I can follow.
3) Job description of this team
4) Any tools that this team can use
5) Other input that might help me

I hope a response from all of you regarding this issue and maybe with your ideas/comments and solution can solve my cases.
Thank you